I am creating a new website for online shopping in .NET and was wondering if I have another option besides Forms authentication to validate the users in a safe and secure way (this has been around for ...

For a web app, the client side is JavaScript in the browser. The server side is ASP.NET with a REST API. At present there is a single server but we plan to scale out with a server each in the US, UK, ...

I work for an online shop and since I worked here we have stored customer passwords in plaintext. I joined the company as a data inputter and when I discovered that we did this I flagged it up with ...

There's this "change password" ASP.NET form that has both event validation and viewstate enabled. There are no specific anti-CSRF tokens. From my understanding, in order to execute a successful CSRF ...

I'm a regular guy running two small franchise businesses with a basic understanding of computers etc, (very basic really), but I am certain my home network has been hacked and I am finding lots of new ...

When I put Username:anything and Password : 1'or'1'='1
Then my database retrieves the first row in the MySQL table. But I want to retrieve the row corresponding to Username:anything row. How should I ...

I've identified an XSS in a client's application where they've failed to properly sanitize a variable. The application, however, is written in ASP.NET 2.x and they have request validation turned on.
...

Does encrypting a value in the web.config file actually provide any real protection? It seems to me that any web app can read that setting. Yes that's more work than just reading the web.config file, ...

The site Mustache-Security describes XSS vulnerabilities in KnockoutJS... The vulnerabilities come from the use of eval (or some equivalent) to convert text in the data-bind attribute to executable ...

Say you have an ASP.NET page that lists the prices for certain items in labels. I know it's cringe-worthy, but say you took the price of the item from the label on the page to determine what the user ...

Are IIS and ASP vulnerable to the same Host Header Attacks we have seen on Apache and Nginx? Specifically the attacks that use the HTTP Host Header to reset a password or implement web-cache poisoning. ...

Hello. Currently I am setting up a server for college students (this includes tech-savvy IT students as well) and I will be using IIS 7.5 with WebDAV for the students to access their files from home. ...

We are a company that has many web applications developed in ASP.NET. Our Internet service provider (Telefonica) wants to test our web sites looking for vulnerabilities. For that, they are asking us ...

(Cross-posting this here on the advice of a user at stackoverflow...)
Got a philosophical security question for everyone. I'm sketching out an ASP.NET web application design where sensitive data for ...

I have an ASP.NET site. Which hosting system do I need to secure it adequately* against anyone reading private information that's on the server? This is assuming I'm not worried about the sysadmins ...